MichaelOldroyd.co.uk

Vagrant LAMP Stack with Debian Jessie

VagrantI thought it was about time I chucked my Vagrant LAMP stack into VCM, before I lost or broke it. For those unfamiliar with Vagrant, go do some reading!

It’s based upon a not-so-current version of Laravel Homestead. I switched it to the debian/jessie64 base box, and added an init shell script. The init script will run every time you run vagrant provision, so I have carefully crafted the script to ensure it will not break things when run multiple times.

Filed under Projects, Tutorials

A simple Debian based dev environment

API Callback URLs and HTTP Authentication

When developing web applications that use APIs, it is usually necessary to have the development site accessible for API callback URLs. A good example would be when working with payment gateway systems, which typically post back success or failure of transactions. In this event it is convenient to use HTTP authorisation to prevent outside access (users, crawlers, etc.). The issue with this is that API systems don’t always work with the http://[user]@[password]:[url] method of manually passing through this authentication method.

Filed under Development, Snippets

Disabling Apache Server Signature

I have been trying to disable the server signature for a while, but I found that turning off the ServerSignature directive didn’t work for all servers. The signature might read something like:

Apache/2.2.X (Ubuntu) mod_ssl/2.X.X OpenSSL/0.X.X

If your server exposes this information, it’s easier for an attacker to compromise a system based on flaws in a particular server software version (especially if your server software is allowed to become outdated, or your distribution is slow to release security updates). By default, it will display this on error pages in plain text, and also present it as a Server header on every request.

To disable completely, you should set the following directives in your Apache configuration:

ServerSignature Off
ServerTokens Prod

via Nixtechnica

Filed under Snippets

Optimising WordPress: Caching

WordPress LogoMaking your site as cache-able as possible is vital to ensure a smooth browsing experience. WordPress in it’s basic form is quite efficient, when you compare it to code-bases such as Magento. Adding functionality such as plug-ins, media, themes and widgets all have a negative effect on performance. As part of the process of making this domain as efficient as possible, a number of caching techniques have been considered and employed.

Filed under Articles, Development, Web